Consider Reading Network Flow Analysis

If I could write an Amazon.com book review of Network Flow Analysis by Michael W Lucas, I would give it five stars. Why won't I? The reason is that Michael asked me to be the technical reviewer for the book, and I don't feel comfortable publishing a review when I am potentially identified with the content. Michael did such an awesome job writing his newest book that my tech edit was fairly easy. However, I would prefer to say a few words on my blog rather than assign stars at Amazon.com.

(Note: for those of you who do some research and find my review of the excellent Linux Firewalls by Michael Rash, you'll see I issued a disclaimer that I wrote the foreword. I felt that writing a foreword is different than tech editing, because a tech editor is partially responsible for the content of the entire book. A foreword author is more or less writing an endorsement, like a review that's published in the book itself. You may not agree with this differentiation -- it's up to you.)

Why do I like Network Flow Analysis? As I've said before, Michael W Lucas is probably my favorite technical author. He is complete, accurate, and entertaining like no one else. He has an uncanny ability to know what the reader needs to accomplish a technical task. I consider many of his books the definitive works in their fields. With Network Flow Analysis, Michael teachers readers how to implement a NetFlow-based monitoring architecture using open source tools and code. He focuses on using Flow-Tools for analysis and Softflowd for capture when NetFlow export is unavailable or undesirable. He adds other tools and approaches when needed, including visualization with Gnuplot. I found that section to be interesting because he provides background on using Gnuplot before enlisting its help with flow data. Michael also provides conversion mechanisms for devices exporting NetFlow v9.

If you want to implement a NetFlow-based instrumentation architecture using open source, or perhaps integrate various platforms into a commercial analysis engine, Network Flow Analysis is the book for you.

Comments

I don't tolerate links to pirated content.
JimmytheGeek said…
It's refreshing to see someone actually care about conflict of interest. Thanks for finding a way to share your view of the book.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics